Cybercure News – 24-02-20

This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes.

The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world.

The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand.

Facebook’s official accounts on Twitter and Instagram have been temporarily taken over and then defaced by a group of hackers known as OurMine.

The attacks has been carried out by OurMine, the same hacker group who last week defaced Twitter, Instagram, and Facebook accounts for the NFL and sports TV station ESPN. 

The hacks took place before the Super Bowl, in order to gain the group repetitional points and media coverage and it worked for them.

OurMine defacement group have been defacing many high profile web sites that among the rest included BuzzFeed,TechCrunch, Marissa Mayer of Yahoo, and many other celebrities such as Lana Del Rey, Kylie Jenner and others.

we have gone into more details about web defacement attacks in previous posts, web defacements have been on the internet since the early 2000’s and are still very popular. 

while usually hacking is stealth and hidden many times the hackers wants to leave a message for the public to see and this is where defacements fill the place, after performing a successful hack attack defacing a web site or social account related to the entity that was hacked is useful way to make sure people will know what has happened. 

Maastricht University located in the netherlands disclosed that it paid 30 bitcoin ransom requested by the attackers who encrypted some of its critical systems following a cyberattack that took place on December 23, 2019.

The university from The Netherlands placed in the top 500 universities in the world by five different ranking tables during the last two years.

“The attack ultimately focused on more than 200 servers running Windows operating system. The attacker focused on encrypting data files in the Windows servers. The backups seems to be also affected.”

According to Fox-IT, the hackers were able to infiltrate the university’s systems via two phishing emails that were opened on two systems on October 15 and 16. Until November 21 when they gained admin rights on an unpatched machine, the attackers moved through network compromising servers and deployed ransomware payload on those Windows systems. The university paid the ransom to have the files decrypted on December 30 after closely analyzing the options including rebuilding all infected systems from scratch or attempting to create a decryptor.

The university also disclosed that it acquired the ransomware decryptor from the attackers by paying a 30 bitcoin ransom (roughly $220,000) to restore all the encrypted files as Reuters reported. 

It also said, “It is a decision that was not taken lightly by the Executive Board. But it was also a decision that had to be made, We felt, in consultation with our management and our supervisory bodies, that we could not make any other responsible choice when considering the interests of our students and staff.”

Hopefully that next time some basic measures against such attacks will be deployed.

Organizations today needs to continuously educate about phishing attacks but at the same time make sure the network design architecture covers cases of infection and making sure networks are isolated and hackers cant reach the backups themselves.

That’s it for this podcast, stay safe and see you in the next podcast.

Don’t forget to visit for the latest podcasts on cyber intelligence.

Leave a Reply